{"id":"CVE-2025-38441","summary":"netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()\n\nsyzbot found a potential access to uninit-value in nf_flow_pppoe_proto()\n\nBlamed commit forgot the Ethernet header.\n\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n  nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27\n  nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]\n  nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623\n  nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n  nf_ingress net/core/dev.c:5742 [inline]\n  __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837\n  __netif_receive_skb_one_core net/core/dev.c:5975 [inline]\n  __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090\n  netif_receive_skb_internal net/core/dev.c:6176 [inline]\n  netif_receive_skb+0x57/0x630 net/core/dev.c:6235\n  tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n  tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938\n  tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984\n  new_sync_write fs/read_write.c:593 [inline]\n  vfs_write+0xb4b/0x1580 fs/read_write.c:686\n  ksys_write fs/read_write.c:738 [inline]\n  __do_sys_write fs/read_write.c:749 [inline]","modified":"2026-03-20T12:42:51.610877Z","published":"2025-07-25T15:27:20.276Z","related":["MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38441.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38441.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38441"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d06977b9a4109f8738bb276125eb6a0b772bc433"},{"fixed":"a3aea97d55964e70a1e6426aa4cafdc036e8a2dd"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8bf7c76a2a207ca2b4cfda0a279192adf27678d7"},{"fixed":"eed8960b289327235185b7c32649c3470a3e969b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a2471d271042ea18e8a6babc132a8716bb2f08b9"},{"fixed":"9fbc49429a23b02595ba82536c5ea425fdabb221"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"87b3593bed1868b2d9fe096c01bcdf0ea86cbebf"},{"fixed":"e0dd2e9729660f3f4fcb16e0aef87342911528ef"},{"fixed":"cfbf0665969af2c69d10c377d4c3d306e717efb4"},{"fixed":"18cdb3d982da8976b28d57691eb256ec5688fad2"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"cf366ee3bc1b7d1c76a882640ba3b3f8f1039163"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38441.json"}}],"schema_version":"1.7.5"}